Fingerprints [GRC.com]

Discussion in 'privacy general' started by ronjor, Jul 16, 2013.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,764
    Location:
    Texas
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Interesting. Gibson lives on.
     
  3. cyph3rpunk

    cyph3rpunk Registered Member

    Joined:
    Jul 17, 2013
    Posts:
    5
    Very nice trick. Mr. Gibson is awesome
     
  4. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    When I hear "Steve Gibson" I usually giggle a bit and move right along. I think "Raw Sockets" when I hear Steve Gibson's name.

    However.....

    That was a good read.

     
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    That was a great read. Can't help but notice that Wilder's does not employ the EV (extra verification) certificates.

    Admins - would that be much more overhead or why are they not in play here? Just curious since this place is all about security.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Because HTTPS isn't that important for a site like Wilders. There is no CC info being used and almost everything is public. That's why the SSL is the way it is.
     
  7. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    I am not sure I agree with that statement. I suppose it's relative for each member here. I'll grant you it's not like logging into your Bank, but end to end encryption is really nice for peace of mind. HTTPS is just that - assuming - you are actually logged into the site you think you are. The EV aspect removes any possibility that someone/something is sitting in the middle and brokering your traffic in both directions.

    I don't want a "middleman" (sitting after my exit node) knowing that I am Palancar while I am logged in here or anywhere. Sure my tunnel protects going backwards, but I prefer to know the exit node to the end forum post is encrypted without question.

    I am not losing sleep, it would be a nice addition if the costs and overhead were small. In the meantime is there a way to log in somewhere here to find out the site's actual certificate fingerprint so I would know for sure by glancing in the browser?? I can see mine in a second but I would need to save the actual for comparison to be SURE. Easy to do.
     
  8. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    There is a vBulletin FAQ that always shows the current self-signed certificate's fingerprints...

    https://www.wilderssecurity.com/faq.php?faq=wilders_custom_faqs#faq_wilders_ssl_tls_use

    Within that article, there are links to a few previous posts/threads of mine that explain my reasons for going with a self-signed certificate. (There is always a thread about it in General Topics in March of each year, which is when a new 1-year cert is installed.)

    The current year's cert is noted in this post, which includes both the text of the fingerprint and an image picture of it, as well.

    https://www.wilderssecurity.com/showpost.php?p=2205579
     
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Thank you for the explanation. It makes perfect sense. Several of the sites I participate on have "self signed" certificates.

    I have noted your cert. fingerprints for my use. Rather take a few seconds and be safe. It's an easy habit to get into.

    This is really a great site with helpful folks. I try to help when I can as well.

    Awesome reliability so kudos to Wilder's!!!!!!!!!!!
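
The fingerprint check discussed in the posts above (note the published fingerprint, then compare it with the certificate the server actually presents), as an added example that is not part of the original thread. The function names are hypothetical and the sample "certificates" are constructed byte strings, not real certificates.

```python
import hashlib
import hmac
import socket
import ssl

# Hex digest length -> hash algorithm used for the fingerprint.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}


def normalize_fingerprint(text):
    """Turn 'AB:CD:..', 'ab cd ..' or 'abcd..' into plain lowercase hex."""
    cleaned = "".join(text.split()).replace(":", "").replace("-", "").lower()
    if len(cleaned) not in ALGO_BY_HEX_LEN:
        raise ValueError("unexpected fingerprint length: %d" % len(cleaned))
    if any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("fingerprint contains non-hex characters")
    return cleaned


def fingerprint_matches(der_cert, noted_fingerprint):
    """Hash the DER certificate and compare it with the noted value."""
    noted = normalize_fingerprint(noted_fingerprint)
    actual = hashlib.new(ALGO_BY_HEX_LEN[len(noted)], der_cert).hexdigest()
    return hmac.compare_digest(actual, noted)


def fetch_der_cert(host, port=443, timeout=10):
    """Fetch the server's leaf certificate without CA validation.

    CA validation is off because a self-signed certificate would fail it;
    the fingerprint comparison is the only trust check in this example.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


# Constructed stand-ins for two DER certificates (not real certificates):
# the one whose fingerprint was noted, and one a middleman might present.
SAMPLE_GENUINE = b"constructed-der-bytes-genuine"
SAMPLE_SUBSTITUTED = b"constructed-der-bytes-substituted"
# The colon-separated form a browser's certificate dialog typically shows.
sample_hex = hashlib.sha1(SAMPLE_GENUINE).hexdigest().upper()
SAMPLE_NOTED = ":".join(sample_hex[i:i + 2] for i in range(0, 40, 2))
```

The noted fingerprint has to come from a channel the suspected middleman does not control; a value read over the same connection proves nothing.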
     
  10. traxx75

    traxx75 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    106
    I agree. He has, at times, been the Chicken Little of the Internet.

    Those concerned with the subject matter of this thread may want to look at a couple of browser plugins designed to help alert you to the fact that someone [not necessarily your provider or place of work] may have compromised your connection to a secure website:

    - Convergence
    - Perspectives

    There's also CertPatrol, though it's probably less useful if you start using it on a network that already has an SSL proxy in place.
     
  11. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hey dear LockBox,

    Maybe we have to agree to disagree a little bit, my friend. ;)
    When I hear "Steve Gibson", I think of the old days and of ShieldsUP!, LeakTest, Shoot The Messenger, UnPlug n' Pray, SpinRite, and more. (There was a now abandoned program, made by Albert and based on the ideas of Joseph and with input by others, that was a direct "result" of LeakTest. We had a, now archived, sub-forum for it here. That was long before the HIPS times. Remember: how do you know that program A, that wants outbound connection, is actually program A and not malware program B?) I think of that old PCHelp case that caused such an "uproar" and for which Steve created a special sub-forum (believe me, that was a hot topic back in those days). I think of very dear old friends here; some of them were very active on Steve's forums.
    Oh well, each has his/her memories of old days. Sometimes it is good to know about history. We have historians for that ;)

    - back to topic -
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    We need more "Chicken Littles", I think. Reality keeps turning out far stranger than most had imagined :(
     